Differences

This shows you the differences between two versions of the page.

--- configure_tls_1_2_default_secure_protocol_windows_server_2008_r2_sp1 [2021/09/30 15:06] – [Configuration Information for TLS 1.2.] wikiadmin
+++ configure_tls_1_2_default_secure_protocol_windows_server_2008_r2_sp1 [2021/09/30 15:28] (current) – [Configure the Registry to Turn on TLS 1.2] wikiadmin
@@ Line 9: / Line 9: @@
 ===== Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows =====
-This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1.
+The Windows update (Described in Knowledge base article KB3140245) provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1.
-To obtain the stand-alone package for this update, go to the Microsoft Update Catalog website here: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245 and download and install the catalog update applicable to your server, such as "Update for Windows Server 2008 R2 x64 Edition (KB3140245).
+To obtain the stand-alone package for this update (KB3140245), go to the Microsoft Update Catalog website here: [[https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245]] and download and install the catalog update applicable to your server, such as the **Update for Windows Server 2008 R2 x64 Edition (KB3140245)**.
-Prerequisites for your server:  To apply this update, you Windows Server 2008 R2 must have installed Service Pack 1 (SP1) for Windows 7 or Windows Server 2008 R2.
+__Prerequisites for your server__:  To apply this update, your Windows Server 2008 R2 must have installed **Service Pack 1 (SP1)** for Windows 7 or Windows Server 2008 R2.
 To understand why this update is or may be necessary, please review this Microsoft Support article:  https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392
@@ Line 28: / Line 28: @@
 At the top of the Window's registry tree, select "Computer" right click on "Computer" and left click "Export" and then supply a name to the registry backup file, and save this exported copy of your registry in a folder (directory) where in the future you can locate and import this registry backup if you happen to make a huge mistake while editing the Windows registry.
+===== Configure the Registry to Turn on TLS 1.2 =====
 In the registry, browse to **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols**
@@ Line 70: / Line 72: @@
 **800**.
+===== Block RC4 in .NET TLS =====
+If you have .NET Framework 4.x installed on the server, you should:
+Add a **SchUseStrongCrypto** DWORD value to the **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319** registry key and also add it to the **HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319** registry key.
+From the Windows search bar, use regedit to open the Window Registry Editor.
+Browse to **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319**.
+Create a new DWORD value named:
+**SchUseStrongCrypto**
+Set the value to:
+**1**
+On a 64-bit version of Windows, browse to **HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319** and repeat this same procedure by--
+Creating a new DWORD value named:
+**SchUseStrongCrypto**
+and setting the value to:
+**1**
+==== Note: Restart the computer after modifying the registry ====